Network Security & Survivability

SOS and WebSOS: Secure Overlay Services

SOS
is a network overlay mechanism designed to counter
the threats posed by Distributed Denial of Service
attacks (DDoS).
WebSOS, is an adaptation of SOS for the Web
environment that guarantees
access to a web server that is targeted by a distributed
denial of service (DDoS) attack.
Our approach exploits two key characteristics
of the web environment: its design around a human-centric
interface, and the extensibility inherent in many
browsers through downloadable “applets.”
We guarantee access to a web server for a large
number of previously unknown users, without requiring
preexisting trust relationships between users
and the system.
Our prototype requires no modifications to either
servers or browsers, and makes use of graphical
Turing tests, web proxies, and client authentication
using the SSL/TLS protocol, all readily supported
by modern browsers. We use the WebSOS
prototype to conduct
a performance evaluation over the Internet using
PlanetLab,
a test bed for experimentation with network overlays.
We determine the end-to-end latency using both
a Chord-based
approach and our shortcut extension. Our evaluation
shows the latency increase by a
factor of 7 and 2 respectively,
confirming our simulation results.

A
Distributed Denial of Service Attack

The Target Server becomes unusable as
the attackers inject more a more traffic towards
the Target Server. The routers on the path to
the Target exhibit network congestion starting
with the ones that are closer to the Target.

WebSOS
Architecture under DDoS attack

WebSOS acts as a distributed firewall
eliminating communication pinch-points and thus
preventing the Target Server's Routers from being
congested. The user need to connect securely to
an Access Point and the overlay network route
him to the actual Target Server. The Target server
allows only the secret servlet (or a set of secret
servelts) to connect through the filtered Area.
The filtering is done using fields that a router
can filter fast (e.g. the IP address of the secret
servlet). The secret servlet's location can be
varied through time.

The disruption in the actual service depends
on the number of the secure overlay access points,
the resources and distribution of "zombies"
of the actual attacker. The addition of the Graphic
Turing Tests allows us to accept non-authenticated
traffic which is something that most web services
require. Additionally Graphic Turing tests separate
humans from automated attack scripts and allow
us more protection against naive automated attacks.
Finally GTTs provide the necessary time for the
overlay "heal" from the automated attacks.
They prevent traffic to penetrate the overlay
network and being routed to the Target server
thus making the actual Web service more resilient
to DDoS attacks.